1# uOSCORE / uEDHOC 2 3This repository contains C implementations for constrained (and non-constrained) devices of the IETF protocols: 4 5* [OSOCRE (RFC8613)](https://tools.ietf.org/html/rfc8613) and 6* [EDHOC (draft-ietf-lake-edhoc-12 )](https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-12). 7 8Main features of uOSCORE and uEDHOC are their independence from the OS, cryptographic engine and in the case of uEDHOC transport protocol. Additionally, uOSCORE and uEDHOC use only stack memory (no heap). 9 10For more background and evaluation in terms of speed, RAM and flash requirements see our paper [The Cost of OSCORE and EDHOC for Constrained Devices](https://arxiv.org/pdf/2103.13832.pdf). 11 12## How to Build and Link 13 14* check the configurations in `makefile_config.mk` and adjust them if necessary 15* run `make` 16* link the static library `build/libuoscore-uedhoc.a` in your project 17 18## Project (Folder) Structure 19 20``` 21. 22|---cddl_models/ 23|---externals/ 24|---inc/ 25|---samples/ 26|---scripts/ 27|---src/ 28|---test/ 29|---test_vectors/ 30``` 31* The folder `cddl_models` contains CDDL models for all CBOR structures. 32* The folder `externals` contains the external libraries and tools as git submodules. 33* The folder `inc` contains all header file. 34* The folder `samples` contains some usage examples. 35* The folder `scripts` contains scripts for generatinc C code from CDDL models and converting the json formatted EDHOC test vectors to a C header 36* The folder `src` contains all source file. 37* The folder `test` contains automated tests. 38* The folder `test_vectors` contains tests vectors. 39 40## API and Usage Model 41 42#### uOSCORE 43 44The API of uOSCORE consists of three functions: 45* `oscore_context_init()`, 46* `coap2oscore()` and 47* `oscore2coap()`. 48 49`coap2oscore()` and `oscore2coap()` convert CoAP to OSCORE packets and vice versa. `oscore_context_init()` initializes the OSCORE security context. 50 51First, `oscore_context_init()` function needs to be called on the client and server side, then `coap2oscore()` and `oscore2coap()` are called just before sending or receiving packets over the network. 52 53<img src="oscore_usage.svg" alt="drawing" width="600"/> 54 55 56#### uEDHOC 57 58The API of uEDHOC consists of four functions: 59* `ephemeral_dh_key_gen()` 60* `edhoc_initiator_run()`, 61* `edhoc_responder_run()`, 62* `edhoc_exporter()`, 63 64`ephemeral_dh_key_gen()` is used to generate fresh ephemeral DH keys before running the protocol. This function requires a random seed suable for cryptographic purposes. `edhoc_initiator_run()` and `edhoc_responder_run() ` has to be called on the initiator and responder side respectively. They return the External Authorization data `EAD_x`, the derived shared secret `PRK_4x3m` and the transcript hash `TH_4`. `PRK_4x3m` and `TH_4` are used as inputs for `edhoc_exporter()` to derive application specific keys, e.g., OSCORE master secret and OSCORE master salt. 65 66The EDHOC protocol requires the exchange of three messages which is independent of the underlying message transport protocol. For example [appendix-A.3 in the EDHOC specification](https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-12#appendix-A.3) describes how EDHOC can be transferred over CoAP, however CoAP is not mandatory. In order to be independent of the transport protocol uEDHOC uses two callback functions which need to be implemented by the user for handling the sending and receiving of messages. These functions are: 67 68```c 69/** 70 * @brief The user should call inside this function its send function. 71 * 72 * 73 * @param sock a pointer used to identify the rx chanel, 74 * e.g. a socket handler 75 * @param data pointer to the data to be send 76 * @param data_len length of the data 77 */ 78enum err tx(void *sock, uint8_t *data, uint32_t data_len); 79 80/** 81 * @brief The user should call inside this function its receive 82 * function and copy the received data in the buffer <data>. 83 * The length of the buffer <data> must be 84 * checked before copying into it by using <data_len>. 85 * After copying the length of the received data should be written 86 * in <data_len>. 87 * 88 * 89 * @param sock a pointer used to identify the rx chanel, 90 * e.g. a socket handler 91 * @param data pointer to a buffer where the edhoc message must be copied 92 * @param data_len length of the received data. When this function is 93 * called inside EDHOC <data_len> is initialized with the actual 94 * available length of the <data>. 95 */ 96enum err rx(void *sock, uint8_t *data, uint32_t *data_len); 97``` 98 99 100 101## Supported Cipher Suites 102 103##### uOSCORE 104 105| Algorithms | 106| --------------------------- | 107| AES-CCM-16-64-128, SHA-256 | 108 109##### uEDHOC 110 111 112| Suit | Algorithms | 113| ---- | -------------------------------------------------------------------------- | 114| 0 | AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256 | 115| 1 | AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256 | 116| 2 | AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256 | 117| 3 | AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256 | 118 119 120 121## Using the Samples 122 123The samples contained in `samples/` are supposed to enable the test and verification of a real OSCORE or EDHOC message exchange between two entities. There are samples that can be run on microcontrollers, e.g. NRF5x (using ZephyrOS) and samples that can be run on Linux systems. 124 125When using the samples for microcontroller , they have to be connected to an IPv6 network, which can be done with an IPv6 over BLE border router, using Bluetooth on the constrained devices. For further instructions on how to set up the border router on a Raspberry Pi, see [blerouter](externals/blerouter/README.MD). 126 127* **OSCORE Between a Microcontroller (e.g. nrf52832) as a Server and Linux Host as a Client** 128 129 The `oscore_device` samples suggest a use of a microcontroller, (e.g. nrf52832) as an OSCORE server and a Linux machine as an OSCORE client. Therefore setting up the network as described in [blerouter](externals/blerouter/README.MD) is required. 130 As this is a frequent error source: make sure that all addresses are set up correctly in the blerouter.sh script, the samples/oscore_linux/client/src/main.cpp file and the samples/oscore_device/server/prj.conf file. 131 132 * Configure and build OSCORE server on a microcontroller (nrf52832) using the Zephyr's build tool west 133 134 * open a terminal and cd to samples/oscore/device/server 135 136 ```bash 137 source <path to zephyr root>/zephyrproject/zephyr/zephyr-env.sh 138 west build -b=nrf52dk_nrf52832 139 west flash 140 ``` 141 142 * The server is now reachable under the specified address and can be supplied with CoAP and OSCORE messages. 143 144 * On a Raspberry Pi start externals/blerouter 145 146 ```bash 147 sudo ./blerouter.sh -d OscoreServer 148 # if it works correctly you should see somthink like: 149 # [18:27:47] scanning for devices 150 # connect to D9:A4:16:41:CC:2D OscoreServer 151 # [18:27:54] connected with D9:A4:16:41:CC:2D OscoreServer 152 # [18:27:57] connected with D9:A4:16:41:CC:2D OscoreServer 153 # ... 154 ``` 155 156 157 158 * Configure OSCORE Linux client 159 160 * open a terminal and cd to samples/oscore_linux/client 161 162 * run ```make``` and ```./build/oscore_linux_client to send CoAP and OSCORE messages to the OSCORE server 163 164* **OSCORE Between to Linux Hosts** 165 166 Adjust the IP address of the other party in samples/oscore_linux/client and samples/oscore_linux/server and run them. 167 168* **EDHOC** 169 170 Two parties are involved in a EDHOC message exchange -- an initiator (typically client) and a responder (typically server). The `edhoc_device` samples suggest the communication between a microcontroller and a Linux machine, with the network set up as described in [blerouter](externals/blerouter/README.MD). However, there can also be two Linux machines or two microcontrollers performing the EDHOC exchange, with the latter case requiring a second RPi set up as border router and connected to the second microcontroller. The addresses have to be changed accordingly in the prj.conf files. The following describes the setup for the EDHOC exchange between microcontroller and linux machine. 171 172 * Microcontroller as initiator and Linux machine as responder 173 174 * open a terminal and cd to samples/edhoc_linux/responder 175 * make sure the IP addresses are correct 176 * run ```make``` and ```./build/responder``` to build and run 177 * the linux responder can now be supplied with an EDHOC requests 178 * cd to samples/edhoc_device/initiator 179 180 ```bash 181 source <path to zephyr root>/zephyrproject/zephyr/zephyr-env.sh 182 west build -b=nrf52dk_nrf52832 183 west flash 184 ``` 185 * set up the border router as described here [blerouter](externals/blerouter/README.MD) 186 187 * the EDHOC message exchange should take place and the results should be printed on the linux machine - the message traffic can be captured and viewed using wireshark on the border router 188 189 * Linux machine as initiator and Microcontroller as responder 190 191 * open a terminal and cd to samples/edhoc_device/responder 192 193 ```bash 194 source <path to zephyr root>/zephyrproject/zephyr/zephyr-env.sh 195 west build -b=nrf52dk_nrf52832 196 west flash 197 ``` 198 199 * set up the border router as described here [blerouter](externals/blerouter/README.MD) 200 * the Microcontroller can now be supplied with an EDHOC request 201 * cd to samples/edhoc_linux/initiator 202 * run ```make``` and ```./build/initiator``` to build and run 203 * the EDHOC message exchange should take place and the results should be printed on the linux machine - the message traffic can be captured and viewed using wireshark 204 205 206## Using Different Cryptographic Libraries or Hardware Accelerators 207 208The logic of uOSCORE and uEDHOC is independent form the cryptographic library, i.e., the cryptographic library can easily be exchanged by the user. For that the user needs to provide implementations for the functions specified in `crypto_wrapper.c`. 209 210
